Vulnerability Name:

CVE-2015-2715 (CCN-103213)

Assigned:2015-05-12
Published:2015-05-12
Updated:2018-10-30
Summary:Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-2715

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0934

Source: CONFIRM
Type: Vendor Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-53.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: BID
Type: UNKNOWN
74611

Source: CCN
Type: BID-74611
Mozilla Firefox and Thunderbird MFSA 2015-48 through -58 Multiple Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-2602-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.mozilla.org/show_bug.cgi?id=988698

Source: XF
Type: UNKNOWN
firefox-cve20152715-code-exec(103213)

Source: GENTOO
Type: UNKNOWN
GLSA-201605-06

Source: CCN
Type: Mozilla Foundation Security Advisory 2015-53
Use-after-free due to Media Decoder Thread creation during shutdown

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-2715

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:firefox:*:*:*:*:*:*:*:* (Version <= 37.0.2)

  • Configuration 2:
  • cpe:/o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20152715
    V
    CVE-2015-2715
    2023-06-22
    oval:org.opensuse.security:def:7868
    P
    MozillaFirefox-102.11.0-150200.152.87.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:609
    P
    Security update for sqlite3 (Moderate) (in QA)
    2022-10-04
    oval:org.opensuse.security:def:720
    P
    Security update for ucode-intel (Moderate)
    2022-08-31
    oval:org.opensuse.security:def:3252
    P
    libsmi-0.4.8-18.55 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94882
    P
    MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:1523
    P
    Security update for MozillaThunderbird (Important)
    2022-06-13
    oval:org.opensuse.security:def:1167
    P
    Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (Important)
    2022-05-16
    oval:org.opensuse.security:def:1301
    P
    Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP3) (Important)
    2022-04-14
    oval:org.opensuse.security:def:1056
    P
    Security update for yaml-cpp (Moderate)
    2022-04-01
    oval:org.opensuse.security:def:1412
    P
    Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) (Important)
    2022-02-01
    oval:org.opensuse.security:def:111898
    P
    MozillaFirefox-50.1.0-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:945
    P
    Security update for net-snmp (Important)
    2022-01-11
    oval:org.opensuse.security:def:70030
    P
    Security update for xorg-x11-server (Important)
    2021-12-21
    oval:org.opensuse.security:def:93994
    P
    (Important)
    2021-12-06
    oval:org.opensuse.security:def:1639
    P
    Security update for squid (Moderate)
    2021-10-20
    oval:org.opensuse.security:def:105475
    P
    MozillaFirefox-50.1.0-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:71207
    P
    hardlink-1.0+git.e66999f-1.25 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:69925
    P
    Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:48045
    P
    ibus-chewing-1.4.14-4.11 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47570
    P
    bzip2-1.0.6-29.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47131
    P
    ppc64-diag-2.7.1-5.6 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48191
    P
    libsmi-0.4.8-18.55 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47794
    P
    libtasn1-4.9-3.5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47266
    P
    glib2-lang-2.48.2-10.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48287
    P
    python-pywbem-0.7.0-4.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48156
    P
    libnetpbm11-10.66.3-8.7.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47591
    P
    dbus-1-1.8.22-29.10.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47242
    P
    dosfstools-3.0.26-6.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48302
    P
    sane-backends-1.0.24-3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47831
    P
    mutt-1.10.1-55.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47377
    P
    libmpfr4-3.1.2-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47130
    P
    powerpc-utils-1.3.2-17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48129
    P
    libjansson4-2.12-3.5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47702
    P
    libecpg6-10.5-1.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47145
    P
    rpcbind-0.2.3-21.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48256
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47942
    P
    aaa_base-13.2+git20140911.61c1681-38.13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47459
    P
    pam_krb5-2.4.4-4.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47241
    P
    dnsmasq-2.76-17.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48358
    P
    zypper-1.13.51-21.26.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48240
    P
    memcached-1.4.39-4.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47683
    P
    libXrender1-0.9.8-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47256
    P
    freeradius-server-3.0.14-1.8 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:72447
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62728
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101134
    P
    MozillaFirefox-78.10.0-8.38.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:49443
    P
    Security update for nodejs10 (Important)
    2021-07-14
    oval:org.opensuse.security:def:48469
    P
    libXinerama1-1.1.3-3.54 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:71094
    P
    rpcbind-0.2.3-3.22 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48398
    P
    cyrus-sasl-2.1.26-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48367
    P
    apache-commons-httpclient-3.1-4.364 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64507
    P
    Security update for hivex (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:67754
    P
    Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important)
    2021-04-28
    oval:org.opensuse.security:def:100707
    P
    (Important)
    2021-02-17
    oval:org.opensuse.security:def:72331
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107373
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62612
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:116931
    P
    MozillaFirefox-68.8.0-3.87.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72109
    P
    MozillaFirefox-52.7.3-1.35 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62390
    P
    MozillaFirefox-52.7.3-1.35 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:89851
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:72220
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:103506
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:62501
    P
    MozillaFirefox-60.6.2-3.32.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:73365
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49386
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49554
    P
    libjbig2-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66674
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49497
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64420
    P
    opensc on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73247
    P
    libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67854
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49332
    P
    socat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49608
    P
    MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:66582
    P
    pam on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20152715000
    V
    CVE-2015-2715 on Ubuntu 12.04 LTS (precise) - medium.
    2015-05-14
    oval:com.ubuntu.trusty:def:20152715000
    V
    CVE-2015-2715 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-05-14
    BACK
    mozilla firefox *
    opensuse opensuse 13.1
    opensuse opensuse 13.2